Install the patch immediately for Windows Server & Windows 10 to run IIS so that it will not be attacked by DOS

Recently, Microsoft has posted a warning message regarding security issues on its security response center (Security Response Center), with content related to Windows Server and Windows 10 servers being Running Internet Information Services (IIS) easily becomes the target of denial of service (DOS) attacks.

More precisely, all IIS servers running Windows Server 2016, Windows Server Version 1709, Windows Server Version 1803, as well as Windows 10 (versions 1607, 1703, 1709 and 1803) are affected by This DoS incident.

The vulnerability described in Microsoft's ADV190005 security recommendation allows a potential remote attacker to activate the DoS status by taking advantage of the IIS resource exhaustion error, which means it "can temporarily cause System CPU usage spikes 100%, at least until malicious connections are actually removed entirely by IIS '.

These malicious agents can launch DoS attacks against vulnerable Windows servers by sending multiple HTTP / 2 requests manually.

Install the patch immediately for Windows Server & Windows 10 to run IIS so that it will not be attacked by DOS Picture 1

  1. Use an 8-character Windows NTLM password? Congratulations, your password may be unlocked after only 2.5 hours

Microsoft also advises that there is no mitigation or solution for the vulnerability reported by Gal Goldshtein of F5 Networks, and they recommend that all users install February updates that are not covered. The secret listed in the table below is as follows:

Version Version Patch Windows 10 Version 1607 for 32-bit Systems 4487006 Windows 10 Version 1607 for x64-based Systems 4487006 Windows 10 Version 1703 for 32-bit Systems 4487011 Windows 10 Version 1703 for x64-based Systems 4487011 Windows 10 Version 1709 for 32-bit Systems 4487021 Windows 10 Version 1709 for 64-based Systems 4487021 Windows 10 Version 1709 for ARM64-based Systems 4487021 Windows 10 Version 1803 for 32-bit Systems 4487029 Windows 10 Version 1803 for ARM64-based Systems 4487029 Windows 10 Version 1803 for x64-based Systems 4487029 Windows Server 2016 4487006 Windows Server 2016 (Server Core installation) 4487006 Windows Server, version 1709 (Server Core installation) 4487021 Windows Server, version 1803 (Server Core installation) 4487029


Details are given in Microsoft's ADV190005 security recommendation as follows:

"HTTP / 2 allows the client to specify any number of SETTINGS frames with any number of SETTINGS parameters. However, in some cases, excessive installation may cause services to become unstable. and thus lead to CPU usage temporarily spike until the connection time runs out and the connection is closed ".

As a way to improve the situation, Redmond's security team "has added the ability to specify thresholds for the number of HTTP SETTINGS / 2 in the request", threshold levels must be set by the IIS administrator after evaluation. The environment and HTTP / 2 on their systems require protocols, as they will not be preconfigured by Microsoft.

Install the patch immediately for Windows Server & Windows 10 to run IIS so that it will not be attacked by DOS Picture 2

  1. MySQL vulnerabilities allow malicious servers to steal data from customers

To set these limits, Microsoft has added the following registry entries to vulnerable Windows 10 releases:

Path:

 ComputerHKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesHTTPParameters 

Name : Http2MaxSinstallPerFrame

Type : DWORD

Data : The minimum supported value is 7 and up to 2796202. Value outside the range is cut to the corresponding minimum / maximum end value.

Path:

 ComputerHKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesHTTPParameters 

Name : Http2MaxSettingsPerMinute

Type : DWORD

Data : The minimum supported value is 7. The smaller value is cut to the minimum value.

After the thresholds are placed on the Windows system running IIS, the connections will be immediately canceled if:

  1. If a single Setting frame contains more settings than the "Http2MaxSinstallPerFrame" value.
  2. If the number of parameter settings in many Setting frames is received within one minute, pass the "Http2MaxSinstallPerMinute" value.

Besides, according to Microsoft, it should be noted that you may have to restart the service or restart the server so that the newly added registry values ​​can be read.

  1. Microsoft shook hands with VirusTotal in resolving malicious code issues that affected MSI files

Running Windows servers that were previously exploited by the attacker with the help of zero-day in IIS 6.0 will affect WebDAV services by default in all IIS distributions, from July 7 2016 to March 2017.

4.3 ★ | 3 Vote

May be interested

  • How to install a VPN on Windows Server 2019How to install a VPN on Windows Server 2019
    today's article is a step-by-step guide on how to install and configure a vpn on windows server 2019. this article will show you how you can easily set up a vpn server for a small environment, branch office or a hosted server. .
  • Microsoft is about to release Patch TuesdayMicrosoft is about to release Patch Tuesday
    media reports say microsoft is preparing to release nine patches in the patch tuesday package next week, including five that are 'important.'
  • How to install and use IIS on Windows Server 2019How to install and use IIS on Windows Server 2019
    according to microsoft, web server (iis) in windows server 2019 provides a secure, easy to manage, modular, and scalable platform for reliably hosting websites, services, and applications. .
  • How to install software for clients from Windows Server 2012 R2 using Group PolicyHow to install software for clients from Windows Server 2012 R2 using Group Policy
    windows server 2012 r2 includes a feature called software installation and maintenance with the ds, group policy, and windows installer services used to install, maintain, and remove software on your computer. in the following article, network administrator will guide you through the steps to install software for clients from windows server 2012 r2 using group policy.
  • Steps to install Microsoft SQL Server on Windows 10Steps to install Microsoft SQL Server on Windows 10
    instructions on how to install microsoft sql server on windows 10, a database management system from microsoft. install sql server and ssms is a gui tool to support sql server manipulation
  • New update of Windows Server causes many serious errorsNew update of Windows Server causes many serious errors
    recently, microsoft released updates kb5009555 for windows server 2012 r2, kb5009557 for windows server 2019, and kb5009555 for windows server 2022. these updates are part of the january 2022 patch tuesday updates.
  • 5 best patch management and monitoring software5 best patch management and monitoring software
    patch management software not only helps you update the system but also saves your company from potential threats, ransomware, viruses and exploits, which can cripple the it infrastructure.
  • How to install the Print Server in Windows Server 2012How to install the Print Server in Windows Server 2012
    in today's article, we will see how to install the print server, which is very important for administrators and system management.
  • How to install Nextcloud server on Windows 10How to install Nextcloud server on Windows 10
    nextcloud is a perfect replacement for owncloud cloud storage software. it has both an open source community version and a paid business version.
  • Install Role, configure role on Windows Server 2012Install Role, configure role on Windows Server 2012
    like previous versions, windows server 2012 has many associated roles. roles and features are tools you need to install or enable to complete your it administration tasks, if you don't install them, you can't do anything. in this article, we will learn how to install and configure the most important roles.